Re: Reverse dns checking for local machine

Author: Sean Witham
Date:  
To: Philip Hazel
CC: Greg A. Woods, John Henders, exim-users
Subject: Re: Reverse dns checking for local machine


On Thu, 21 Aug 1997, Philip Hazel wrote:

>
> Exim can be configured to do the reverse lookup, and if what HELO said
> was "wrong", it will correct the data in what it logs. However, it can't
> be configured to reject the message, and it also ploughs on if the
> lookup fails. Obviously it would be fairly straightforward to add
> options to make it fail if it can't look up the name.
>

In today's world such options are required on exposed gateways; one behind
a firewall you may wish to make more forgiving.

> > I think
> > by now we can depend on experts to correctly configure their software.
>
> Maybe, but you can't depend on non-experts to configure their PCs!
>


It's up to the MTA manager to decide what he wants to accept and what
he wants to drop according to the local policy about such things.
Security may be more important than ease of use.

> Personally, I don't like the idea of wasting bandwidth doing all those
> lookups when 99% of the time you get the "right" answer and in any case
> the IP address gets logged. I've configured our mailers here just to do
> the check for machines on the local net. That way I correct the
> information in the Received: fields for messages from local PCs that are
> misconfigured.


Maybe an exim "security check" lookup cache would be useful.

--Sean
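
The policy choices discussed in this thread (correct the logged name, reject on mismatch, reject on lookup failure, check only the local net, cache the lookups), sketched as an added example that is not part of the original message and not Exim code. The class, option names and PTR data are hypothetical, and the resolver is a constructed table so the example runs offline.

```python
import ipaddress

# Constructed PTR data standing in for DNS (documentation address ranges).
SAMPLE_PTR = {"192.0.2.10": "pc10.example.org",
              "198.51.100.7": "mail.example.net"}

def sample_resolver(ip):
    """Return the PTR name for ip, or None when the lookup fails."""
    return SAMPLE_PTR.get(ip)

class HeloChecker:
    """Hypothetical HELO policy: which hosts to check and what to do on failure."""

    def __init__(self, resolver, check_nets=("0.0.0.0/0",),
                 reject_mismatch=False, reject_lookup_failure=False):
        self.resolver = resolver
        self.check_nets = [ipaddress.ip_network(n) for n in check_nets]
        self.reject_mismatch = reject_mismatch
        self.reject_lookup_failure = reject_lookup_failure
        self.cache = {}      # ip -> PTR name or None; no TTL handling here
        self.lookups = 0     # resolver calls actually made

    def _ptr(self, ip):
        if ip not in self.cache:
            self.lookups += 1
            self.cache[ip] = self.resolver(ip)
        return self.cache[ip]

    def check(self, ip, helo):
        """Return (action, name_to_log); action is accept, corrected or reject."""
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in self.check_nets):
            return ("accept", helo)          # unchecked; the IP is still logged
        name = self._ptr(ip)
        if name is None:                     # lookup failed
            action = "reject" if self.reject_lookup_failure else "accept"
            return (action, helo)
        # Compare case-insensitively, ignoring a trailing dot.
        if name.rstrip(".").lower() == helo.rstrip(".").lower():
            return ("accept", helo)
        # Mismatch: log the looked-up name either way. The PTR name is not
        # forward-confirmed here; whoever runs the reverse zone controls it.
        return ("reject" if self.reject_mismatch else "corrected", name)

# Forgiving host that only checks its local net, and a strict exposed gateway.
local_only = HeloChecker(sample_resolver, check_nets=("192.0.2.0/24",))
gateway = HeloChecker(sample_resolver, reject_mismatch=True,
                      reject_lookup_failure=True)
```
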